A guide to 3GPP security documents

原创 2010年06月04日 14:07:00



A guide to 3GPP security documents

Warning: this document is not maintained!

I first wrote this document in 2000, and it has not received updates since 2001. It should therefore be regarded as obsolete. I have nevertheless made it available as references to it exist and some people may still want to look at it at their own risk.

Click here if you are impatient

Click here if you are extremely impatient

You can always come back here and read the whole page if you get confused.


This page is here for people who want to learn about and study cryptographic aspects of 3GPP security documents. Please email me at user janos located at the site pobox.com with suggestions. Because of the obsolete status of this page, just about the only kind of suggestion I will consider is inserting a pointer to newer or better Web pages of this type.

3GPP, the 3rd Generation Partnership project, serves to produce standards for 3rd generation wireless phones. It kind of grew out of GSM.

In the last few years, GSM took a lot of flak for their approach to crypto algorithm design, which relied on keeping the algorithms secret. In fact, their various algorithms have been broken, as described here . (A person knowledgeable about GSM provided an alternative point of view on this: GSM broke entirely new ground in its use of cryptography in a mass market product - and the first steps were a bit tentative. It was also designed at a time when export restrictions on cryptographic products were a good deal tighter than they are now - which amongst other things meant that the algorithms were kept secret and could not benefit from public scrutiny. The result is a system which has generally done a good job of protecting its subscribers and operators, but in which some holes have appeared, and which is definitely showing its age today. Several pieces of cryptanalysis have been published. )

3GPP has chosen a superior approach to their crypto requirements. They are making open to the public all of their drafts, standards and recommendations, and rely on their algorithms withstanding the scrutiny of any interested researchers.

My aim in producing this page was to make it clear to any such "interested researchers" where and how these algorithms are published.

This page has nothing to do with North American wireless crypto standards promulgated by TIA. For more information on those algorithms, please refer to this FTP site .

3GPP organizational information

You can find out a lot about 3GPP by going to their Web site . You can probably find out anything that is on this page by going over to their Web site instead. Nevertheless, here are a few more concise hints.

3GPP is quite fond of acronyms. The parts of the organization that produce documents (that we are interested in) are called TSGs, which stands for Technical Specification Groups. The TSGs have names like SA, CN, RAN, etc. This explains a lot of the subdirectories in the root directory of their FTP server, ftp://ftp.3gpp.org .

The TSG of interest here is called SA, which stands for Services and System Aspects (I think). It corresponds to ftp://ftp.3gpp.org/TSG_SA .

The TSG SA has various working groups, also known as WGs. The WGs are called simply SA1, SA2, SA3, SA4, SA5. The one of interest to us is SA3 (also known as S3), which is responsible for Security. It corresponds to ftp://ftp.3gpp.org/TSG_SA/WG3_Security/ .

Here is how S3 operates. They meet every couple of months. Each meeting has a number. For example, S3 had their meeting #14 in Oslo, Norway, from August 1 to August 4 of 2000. This meeting is often referred to as S3#14. Documents from this meeting are to be found in ftp://ftp.3gpp.org/TSG_SA/WG3_Security/TSGS3_14_Oslo/ . This directory, and other meetings directories, have various subdirectories, the two most interesting ones of them are Report , and Docs . The former contains a report that summarizes what happened at the meeting and what documents were considered/produced there.

The actual documents are stored in the Docs directory. They have names like S3-000404.pdf, which denotes S3 document number "0404" in the year 20"00". Now you can see why you need to look at the report to find your way around.

S3 is generally responsible for the maintenance and developement of a certain set of 3GPP documents, which fall into two groups: TSes (technical standards) and TRs (technical reports). However, the S3 is not allowed to make changes in these documents itself. Instead, it has to produce CRs (change requests) which are forwarded for approval up one level, to the TSG SA, at their next plenary meeting. TSG SA will usually, but not always, approve the CR and agree to make the changes.

Another designation that often occurs in the WG meeting documents is LS, which stands for Liaison Statement. These are produced if S3 reaches a point in their discussion where it becomes necessary to consult another WG for guidance. This can happen, for example, if some document produced by that other WG is not clear on something. Since the other WG will not be in session at the same time, an LS is drafted and sent to them to deal with at their next meeting. The other WG will produce another LS in turn to answer the question, and send it back to S3 for its next meeting, and so on.

TSG SA plenary meetings occur somewhat less frequently than S3 meetings. They are also numbered, e.g., meeting #8 took place in Duesseldorf, Germany, from June 26 to June 28, 2000. You can find documents about their meetings in ftp://ftp.3gpp.org/TSG_SA/TSG_SA/ .

Two other organizations that are sometimes mentioned are ETSI and SAGE. ETSI stands for European Telecommunications Standards Institute , which had close ties with GSM and is still somehow connected to 3GPP. SAGE stands for Security Algorithms Group of Experts , and either belongs to or has been established by ETSI. SAGE tends to produce algorithms and algorithm evaluations for 3GPP, or, more specifically, for S3.

3GPP security documents

Now that all that is covered, let's get down to the documents. Most (but not all) 3GPP documents are available in PDF format, which is what I will give pointers to below, whenever possible. Every document is available in a MS Word format too, but I'll let MS Word enthusiasts worry about that.

That concludes the list of algorithms that I think would be particularly good to look at, but I would be more than happy to provide a link to BEANO if someone tells me what the link is etc.

If you have written, or otherwise know about, research papers about these algorithms, please let me know! I will provide a link to them from here.


I thank Steve Babbage, Charles Brookson, Daniel Ferguson, Chiara Dotti, Ian Goldberg (who suggested that I create a page like this), Peter Howard, Geir Køien, Jim Reeds, Gert Roelofsen, Greg Rose, Bill Sommerfeld, Marco Tosalli, David Wagner, and others, for useful suggestions.

Closing exhortation

And now, gentle reader, go forth and study those algorithms!

Yours, Janos A. Csirik

This page was last edited on 28th August 2003, but pages linked from here might have been edited more recently. Also, these edits must have been minor formatting changes since I stopped maintaining the contents back in 2001. HTML 4.01 .

Helloworld Spring Security Java config页面翻译

本文是本人对Helloworld Spring Security 中java config方式的翻译,由于本人英语水平太差,想通过翻译技术文档的方式来学习英语和技术,同时也可以为以后方便自己查看。 ...
  • u014053022
  • u014053022
  • 2016年07月30日 20:33
  • 251

3GPP TS 24.301 V12.4.0 中文版---1&2&3

3GPP TS 23.122 V12.4.0 3rd Generation Partnership Project; Technical Specification Group Core Netw...
  • mouse1598189
  • mouse1598189
  • 2015年10月26日 16:02
  • 4102

阅读<A Practical Guide to Support Vector Classification>

看了很多关于SVM的介绍,总觉得隔靴搔痒,不够尽兴,没想到这篇LibSVM官网中的简单说明,倒是说的很透彻,对于理解SVM及其具体应用场合大有裨益。 看来还真的是:能深入浅出说的简单的才是真的到位。...
  • fjssharpsword
  • fjssharpsword
  • 2016年12月26日 08:39
  • 2136

RBM训练指导手册粗略(A Practical Guide to Training Restricted Boltzmann Machines)

引言 这是Geo rey Hinton的文章A Practical Guide to Training Restricted Boltzmann Machines的主要内容翻译,有大量省略 主要的目的...
  • vinson0526
  • vinson0526
  • 2014年03月03日 20:01
  • 4193

A Business Guide to Information Security

版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出版、作者信息和本声明。否则将追究法律责任。http://blog.csdn.net/topmvp - topmvp* Vital r...
  • topmvp
  • topmvp
  • 2008年10月12日 17:18
  • 260

IOS安全编码指南 Secure Coding Guide -- 01 Introduction 下

IOS安全编码指南 Secure Coding Guide -- 01 Introduction 下 No Platform Is Immune         platform |ˈp...
  • u014222687
  • u014222687
  • 2016年06月10日 09:30
  • 446

A guide to convolution arithmetic for deep learning

一、Discrete convolutions A discrete convolution is a linear transformation that preserves this notion...
  • mzpmzk
  • mzpmzk
  • 2016年11月23日 16:31
  • 1636

【APIs — A Strategy Guide】第一章 API的机遇

  • huawei_eSDK
  • huawei_eSDK
  • 2016年06月02日 09:30
  • 2448

owasp testing guide 2014 中文

  • cnbird2008
  • cnbird2008
  • 2015年03月09日 21:01
  • 1843

LIBSVM新手指导——《A Practical Guide to Support Vector Classification》翻译

  • sinat_25857925
  • sinat_25857925
  • 2017年04月11日 14:05
  • 446
您举报文章:A guide to 3GPP security documents